Spam and phishing emails are a constant problem for many email recipients and are sometimes difficult to identify. Therefore, various standards have been established that enable, for example, the identification of the sender. The latest method is called BIMI and allows the recipient to check the authenticity of the email in the inbox using the sender's brand logo. In addition to the security aspect, the additional branding is attractive for the sender. But how do you get BIMI? We at AGNITAS have tried it out ourselves and have described the process to you below. This gives you an overview of the process and allows you to decide whether this sender authentication is suitable for you.
We have also summarized this for you in a 9-point plan for the introduction of BIMI that you can print out.
What is BIMI?
BIMI (Brand Indicators for Message Identification) is an open standard that is consistently based on SPF, DKIM and DMARC. BIMI was developed by several companies such as Google, Microsoft and Verizon to specifically detect phishing emails.
Verification is based on the already established DMARC authentication process. The receiving server checks whether the email in question comes from an authorized sender - i.e. the authenticity of the sender. If this is the case, the brand logo appears directly next to the sender line. The basic requirement for the logo to be displayed is, of course, that the receiving email client supports BIMI.
In addition to protecting recipients, BIMI also ensures a better reputation as a reputable sender, both with email providers and with recipients themselves. Sending companies are thus aware that measures against cybercrime not only protect recipients, but also have a positive influence on brand perception. Domain owners can also publish multiple logos and use them with BIMI.
The BIMI process is not limited to emails alone, other services can also obtain logos in this way. Support for the BIMI standard is still new and is just beginning to establish itself.
BIMI in the inbox
With Gmail and Yahoo, two very large providers of email uk number dataset accounts are already on board. Both together had a market share of 27.7% in Germany in 2019, and this figure is growing. According to Litmus, the global market share of the two giants was as high as 38% in July 2021. It can also be assumed that other providers will follow suit.
implementation of BIMI
We at AGNITAS went through the process of using BIMI in summer/autumn 2021. So benefit from our experience. We will show you the whole process so that your logo is clearly visible in your email inbox.
Technical requirements
The technical requirements include that all other email standards have already been implemented:
SPF must be implemented
DKIM must be enabled in the EMM* as well as for all other systems that send emails under your domain, e.g. your office emails, the website, etc.
DMARC has at least the "quarantine" policy, which means that unauthenticated emails end up in the spam folder or another designated folder. The "reject" policy is even better; these emails are bounced.
* or a comparable email sending tool
Organizational requirements
BIMI requires registration of your own logo with the German Patent and Trademark Office (DPMA) or an equivalent organization abroad . The registration with the DPMA is valid for 10 years. After this, it must be renewed.
If you have already legally protected your logo and registered it with the DPMA, this step is not necessary. Please note, however, that it must be exactly the same logo as the one you want to use for BIMI. Otherwise, an adjustment must first be made at the DPMA. Bear in mind that the logo will be scaled very small and square shapes are the most advantageous.
In our case, the registration process – from application to publication – took about two weeks. The cost was about 300 euros. Please note that the costs can vary depending on how many classes/sectors you want to protect your logo or brand for.